Multiple buffer overflow vulnerabilities exist in the...
High severity
Unreviewed
Published
Jul 6, 2023
to the GitHub Advisory Database
•
Updated Apr 4, 2024
Description
Published by the National Vulnerability Database
Jul 6, 2023
Published to the GitHub Advisory Database
Jul 6, 2023
Last updated
Apr 4, 2024
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the handle_interface_acl function with the interface variable when in_acl is -1.
References